# BLS Multi-Signatures With Public-Key Aggregation

**Authors:**

*D. Boneh, M. Drijvers, and G. Neven*

** Abstract: **

This short note describes a simple approach for aggregating many
BLS signatures on a common message, so that verifying the short
multi-signature is fast.
Moreover, the system supports public key aggregation,
where the verification algorithm only uses a short aggregated public key.
The original public keys are not needed for verifying the
multi-signature.
An important property of the construction is that the scheme is secure
against a rogue public-key attack *without* requiring users to
prove knowledge of their secret keys (this is sometimes called
the plain public-key model).
The construction builds upon the work of Bellare and Neven,
and the recent work of Maxwell, Poelstra, Seurin, and Wuille.

** Reference:**

web note

**Full paper:**
html

**Related papers:**
The full version of this work titled *Multi-signature schemes for Bitcoin*
is currently under review.